Google patches 32 Chrome bugs, revs browser to v.14
Tweaks Mac Chrome for Lion, lays out more than $14K in bug bounties
Computerworld - Google today patched 32 vulnerabilities in Chrome, paying more than $14,000 in bug bounties as it also upgraded the stable edition of the browser to version 14.
The company called out a pair of developer-oriented additions to Chrome 14 and noted new support for Mac OS X 10.7, aka Lion, including full-screen mode and vanishing scrollbars.
Google last upgraded Chrome's stable build in early August. Google produces an update about every six weeks, a practice that rival Mozilla also adopted with the debut of Firefox 5 last June.
Fifteen of the 32 vulnerabilities were rated "high," the second-most-serious ranking in Google's four-step scoring system, while 10 were pegged "medium" and the remaining seven were marked "low."
None of the flaws were ranked "critical," the category usually reserved for bugs that may allow an attacker to escape Chrome's anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.
Six of the vulnerabilities rated high were identified as "use-after-free" bugs, a type of memory management flaw that can be exploited to inject attack code, while seven of the bugs ranked medium were "out-of-bounds" flaws, including a pair linked to foreign language character sets used in Cambodia and Tibet.
Google paid $14,337 in bounties to nine researchers, including $3,500 to "miaubiz" and $2,337 to Sergey Glazunov, another regular bug finder.
The company's security team also credited others, including researchers who work for Microsoft and Apple, for "working with us in the development cycle and preventing bugs from ever reaching the stable channel." Some of those researchers were also awarded bounties, but Google did not spell out the amounts of those awards.
As per its practice, Google barred access to the Chrome bug-tracking database for the 32 vulnerabilities to prevent outsiders from obtaining details on the flaws. The company only opens the database after users have had time to update the browser.
Google also added a pair of developer-only features to Chrome 14, including support for the Web Audio API (application programming interface) and for "native client," an open-source technology that runs software written in C and C++ within Chrome's security sandbox.
The Mac version of Chrome 14 also supports Lion's new approach to scrollbars, which appear only when a user is actively scrolling through the browser window. Chrome 14 also now runs in Lion's full-screen mode, triggered via the icon in the upper right of the browser or by pressing Ctrl-Command-F.
But Chrome's full-screen support isn't polished or finished; the browser won't return to its windowed view with a press of the Escape key, as do Apple's home-grown applications in Lion.
Chrome 14 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Five Reasons to Think Again about UC There's a lot of noise out there about Unified Communications. Here are five good questions to ask yourself and your prospective UC vendor.
- A Unify Perspective: Gartner's Magic Quadrants for Unified Communication and Corporate Telephony Affirm Unify's Leadership Unify's OpenScape UC and Voice portfolio has placed in the "Leaders" quadrant - the "magic" quadrant - with an especially strong position for...
- A Unify Perspective: Gartner's Engagement Initiative Report Affirms the New Way to Work A transformation of the enterprise that amplifies collective effort, energizes the business and dramatically improves business performance. Experience the new way of working.
- Harmonize Your Communications Experience: Are you leading a double life? Bring your own device. Embrace flexible work lifestyles. Be mobile. Welcome to the era of the anywhere worker.
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Desktop Apps White Papers |